X still has the verified bot problem – this time they came after the TechCrunch authors

This week I used to be scrolling through X, formerly Twitter, and noticed that I had reposted a series of TechCrunch articles. Just, wait, no, I didn’t do it.

But another person did it, using my name. I clicked on the profile and saw a distinct Rebecca Bellan, using the same default and header photos as my actual profile: me on stage at TechCrunch Disrupt 2022 and Chloe on the side, respectively. The bio reads: “@Techcrunch Senior Reporter | journalist” and had the location set to New York, where I currently live. The account was created in May 2024.

Perhaps most surprising after realizing that somebody – who? Bot?! — created my account impersonating me, was the incontrovertible fact that they allegedly paid for it, as evidenced by the little blue checkmark next to my name.

When X was still Twitter, a blue checkmark informed other users that the profile had been verified as noteworthy. However, since Elon Musk’s hostile takeover, that checkmark now means a user pays a minimum of $8 a month for a premium subscription, which provides them access to longer posts, fewer ads, higher algorithmic consideration, and Grok. And while X modified tack in April and returned the verification badge to some users based on follower count, a blue checkmark can even mean someone is a fan of Musk. You don’t consider me? Just take a look at all the eager guys who reply to any of them Musk’s posts.

Either way, I’m neither a paid subscriber nor a fan.

I’m not the only one that has been targeted by impersonation accounts. Several TechCrunch journalists were also impersonated on the platform. Some accounts, including my fake one, were suspended after reporting X’s issue. But that only tells us that X is actively aware of this issue.

The problem is that these kinds of spoofing attacks are much easier to perform attributable to the degradation of the X verification system, which doesn’t actually require any identity verification. Having a pay-to-play blue check system just begs bad actors and nation states to abuse it.

X really must have learned his lesson by now. When Musk initially launched the service, then called Twitter Blue, in November 2023, the feature was quickly used to assist bad actors pose as celebrities, corporations and government officials. One account impersonated the pharmaceutical company Eli Lilly and published a false announcement that insulin was now free. This tweet was viewed thousands and thousands of times before it was deleted, causing the company’s shares to drop significantly in value.

Another account claimed to be basketball star LeBron James and posted that he was officially requesting a trade from the Lakers. Another pretended to be Connor McDavid and announced that the hockey player’s contract had been bought by the New York Islanders.

Accounts claiming to be TechCrunch journalists have thus far been harmless. All they did was repost content that, truthfully, any of us could repost anyway. This suggests that reasonably than particularly malicious actors, the accounts were likely created by bots.

We have been coping with the problem of user X’s verified bot for some time now. The irony is that Musk suggested that forcing users to pay for verification would actually eliminate bots from the platform, but that apparently is not the case.

In the case of individuals you might be impersonating, you possibly can report it to company X, which can end in external verification by sending photos of a government-issued ID and a selfie. I also asked colleagues, friends and followers to report the impersonation of Company X on my behalf, which could have sped up the process.

X didn’t reply to TechCrunch to comment on how lots of its users might actually be bots, why this problem persists, or what the platform is doing to handle it.